BSides Tirana 2024
Registration and Networking
Registration and networking over fresh coffee and pastries.
Opening Speech
Heliand Dema
From Attack to Defense: Red Team Lessons from NATO Locked Shields Cyber Exercise
A unique overview of the world’s largest cyber defense exercise, Locked Shields, presented by a Red Team Technical Lead with over a decade of experience. This talk focuses on the progressive development of Red Team techniques since the inception of the exercise. Discover how these advanced attack strategies have prompted Blue Teams to adapt and strengthen their defenses over the years. We'll explore the interplay between offensive and defensive tactics, highlighting key lessons learned and the ongoing challenges faced by both sides.
Jean-Philippe Aumasson
Hardening HSMs for banking-grade crypto wallets
We've been using hardware security modules (HSMs) as part of a custody solution used by banks for the safekeeping of cryptocurrency and other tokenized assets, often managing billions of dollars in value.
However, solely relying on built-in security mechanisms of an HSM, even when FIPS 140-3 certified, isn't enough for this use case. In this talk, we'll first describe an HSM's feature set, architecture, security guarantees, and inherent limitations. Then we'll present tricks and techniques we developed to considerably enhance the security of a crypto wallet. These include measures for attack surface reduction, secure configuration enforcement, request filtering, custom policies, as well as replay protection and state management with minimal statefulness.
Panel Discussion
TBD
Uendi Hoxha
Building Secure Machine Learning Environment in Amazon SageMaker
Building Secure Machine Learning Environment in Amazon SageMaker is about enhancing the importance of security in ML/AI applications and highlighting common security issues like model theft, data breaches and different types of attacks. The focus is on securing AWS services used to build Machine Learning models in AWS, including SageMaker, S3 Bucket, API Gateway, AWS Glue and VPC. The talk covers recommended practices about access control, data encryption, monitoring, mitigations, compliance and governance.
Lunch Break
Valdet Shehu
Managing cybersecurity challenges from third-party service providers in the financial industry
In the rapidly evolving landscape of the financial industry, cybersecurity risks have emerged as a significant concern. This presentation investigates the dynamics of managing cybersecurity challenges and risks arising from third-party service providers in Kosovo’s financial industry.
Abian Morina, Andi Ahmeti
Cloud Warfare: Grappling with Scattered Spider
LUCR-3, also known as Scattered Spider, is a highly persistent threat actor group notorious for their sophisticated cloud-focused attacks. Moving beyond typical cryptomining campaigns, LUCR-3 employs advanced techniques such as push fatigue attacks and SIM swapping to bypass multi-factor authentication (MFA). They have notably targeted major organizations, including MGM and Caesars in late 2023. This group effectively traverses various cloud service models (IaaS, SaaS, PaaS), infiltrating internal communications and SaaS platforms to gather crucial information. Permiso's P0 Labs has tracked LUCR-3 for over 1.5 years, offering detailed insights into their tactics, techniques, and procedures (TTPs). LUCR-3's relentless focus and sophisticated methods make them a significant threat to cloud environments.
Nishaanth Guna
Breaking Free from Remote Browsers
Browser isolation, also known as remote browsing, has gained prominence in the last few years. Numerous vendors offer browser isolation either as standalone products or integrated solutions within environments. While isolating browser content for remote sessions offers benefits, it isn’t an infallible solution that can thwart all attacks. This talk will delve into the protective features provided by such products and explore how adversaries can breach these boundaries, employing various attacks in environments with RBI (Remote Browser Isolation) protections such as malvertising, drive-by downloads, and client-side browser attacks. This talk will show real-life examples of how attackers were able to bypass the defensive mechanisms offered by RBI products.
Martin Lutz
Inside Ransomware
Martin Lutz presents a gripping narrative based on true events, chronicling the journey of "Hugo," a marketing specialist who loses his job amid an economic crisis. Desperate to secure an income, Hugo turns to hacking, despite having no prior IT knowledge. Within just 24 hours, he remarkably builds a successful hacker company from scratch.
Coffee Break
Dejvid Sherri
Sifting through the noise, Advanced threat analysis.
This will be an in-depth explanation of the process of collecting and analyzing log data to find exploitation attempts using machine learning techniques as well as more classical methods.
It will explain details ranging from the creation of the custom sensors to creating ways to standardize the log format for easy parsing and processing. Topics that I'll cover will also be related to automated ways to analyze and match exploits in the wild to specific request patterns as well as integrating SIEM systems with constant threat intelligence for more robust detection & protection.
Adi Dibra
Beyond Prevention: The Critical Role of Cyber Resilience in Modern Security Strategies
In today's rapidly evolving threat landscape, traditional prevention controls are no longer sufficient to protect organizations from cyber-attacks. Despite robust preventive measures, breaches are inevitable due to the sophistication of modern threat actors and the increasing complexity of IT environments. This talk will explore the concept of cyber resilience, which focuses on maintaining operational capabilities and minimizing the impact of cyber incidents when they occur.
I will discuss the importance of having a resilience strategy as a complementary approach to prevention, emphasizing the need for quick detection, effective response, and swift recovery.
Closing Speech
- Closing speech
- Announcement of Capture the Flag winners
- Announcement of raffle prize winners
Roland Sako
IoT Security Basics: Hardware Hacking Quickstart
This workshop aims to equip participants with foundational skills in hardware hacking and IoT security, focusing on the practical aspects of extracting and analyzing firmware from IoT devices. Over the course of 90 minutes, attendees will gain hands-on experience in identifying key components on printed circuit boards (PCBs), understanding memory chips and hardware interfaces, and performing firmware extraction using commonly available tools.
Designed for beginners with no prior knowledge of electronics or hardware hacking, this workshop emphasizes practical learning. Participants will work with a target IoT device provided by me to learn how to safely disassemble it, identify interesting components, interact with hardware interfaces and extract the firmware.
Then we will quickly introduce basic firmware analysis, highlighting tools and techniques for identifying potential security vulnerabilities within the extracted firmware.
Attendees are required to bring a laptop with VirtualBox installed; all other materials and pre-configured virtual machines will be provided.
Nick Dunn
Scripting and Coding for Penetration Testing
The workshop introduces scripting for beginner and intermediate level hackers. It will concentrate on using bash and Python to chain together multiple tools. We'll look at running tools and parsing the output, with a few example scripts, before moving on to reading Nmap output to locate exploitable devices and automatically exploiting them with the MSF API. After the session, attendees should have enough information to write reusable scripts for their testing needs and be able to save themselves a large amount of time on future tests.